Windows Defender Antivirus comes to macOS as Microsoft Defender ATP

[captain_to_fire]

Source: https://arstechnica.com/gadgets/2019/03/microsoft-ships-anti-virus-for-macos-as-windows-defender-becomes-microsoft-defender/ 

 

Quote

Microsoft is bringing its Windows Defender anti-malware application to macOS—and more platforms in the future—as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled "for Mac" or "for Windows."

Quote

The initial preview of Defender for Mac will focus on signature-based malware detection. This is just the start, however. Defender ATP for Windows tracks various system behaviors and reports them to the ATP cloud service, which can be used to detect threats even without identifying any specific piece of malware. For example, if a system is iteratively opening and overwriting all its documents, there's a good chance that it's running some kind of ransomware process that's systematically encrypting the user's files. ATP can alert administrators that this is happening. The Mac client should over time grow to include similar reporting capabilities. Microsoft is also integrating it into other cloud services, such as Intune device management.

I mean it shows that Microsoft has way more experience with cyber threats than Apple but to give Apple a break, macOS do come with its own antivirus named “X-Protect” but unlike most antivirus programs where you can do on-demand scanning and has a cloud component where unknown applications/behaviors are uploaded to the cloud for analysis, X-Protect only relies on signatures. https://www.apple.com/business/resources/docs/macOS_Security_Overview.pdf 

Quote

XProtect
macOS includes built-in technology for the signature-based detection of malware. Apple monitors for new malware infections and strains, and updates XProtect signatures automatically—independent from system updates—to help defend Mac systems from malware infections. XProtect automatically detects and blocks the installation of known malware.

 

But this is good for the few Mac users to have a choice unless Apple cripples them too. Macs will continue to become targets of malware and it’s good to have proper defenses. Hopefully Microsoft will defend both against PC and Mac malware. But of course I’m aware of the fact that antivirus programs can become vectors of malware too because of their high privileges. One thing that comes to mind is the file parser used by AVs which was demonstrated by the guys at Google Project Zero to be exploitable and recommends AV programs to run inside a sandbox. [here] [here] [here] So far, only Microsoft has done the work to ensure the antivirus runs inside a sandbox. Hopefully others will follow. 

[elfensky]

But... Why?
It's useful as a built-in anti virus in combination with common sense on windows, but Apple has their own version.

And if you are going to choose a 3rd party antivirus, why not go with one of the bigger players that are specifically dedicated to it like AVG, Avast or Kaspersky...

[Fnige]

But macs dont get viruseseseses... whyyyyyyyyyyyy

 

/s

[captain_to_fire]

3 minutes ago, ElfenSky said:

But... Why? It's useful as a built-in anti virus in combination with common sense on windows, but Apple has their own version.

Microsoft is also selling Intune so I’m guessing it’s their way of unifying their endpoint protection whether the enterprise has Windows or Macs. I think @leadeater is using Intune as well. 

 

Apple’s XProtect only relies on static signatures which is a half assed protection while the ones offered by third parties including Microsoft includes a cloud component. 

[Mira Yurizaki]

3 minutes ago, ElfenSky said:

But... Why? It's useful as a built-in anti virus in combination with common sense on windows, but Apple has their own version.

It was mentioned Apple's version only uses signatures, which isn't really enough.

[dfsdfgfkjsefoiqzemnd]

Nothing to worry about, Microsoft is merely embracing MacOS. 

 

[captain_to_fire]

3 minutes ago, Captain Chaos said:

Nothing to worry about, Microsoft is merely embracing MacOS. 

 

Microsoft has been doing that for decades, from Bill Gates building the floating point BASIC for the 1st Macintosh to the ‘97 Microsoft’s agreement with Apple, up to now. 

 

[mr moose]

6 minutes ago, captain_to_fire said:

Microsoft has been doing that for decades, from Bill Gates building the floating point BASIC for the 1st Macintosh to the ‘97 Microsoft’s agreement with Apple, up to now. 

 

Then according to all the diehards apple should be dead by now, remember it's all evil and EEE.   Or maybe they are just another company like all the rest.

[TempestCatto]

My favourite thing to do on any OSX machine was virus removal. It always shocked the users beyond belief. Some even accused me of "faking it" and installing the viruses myself. Regardless though, I feel like because it's Microsoft, most users may end up not trusting it for that sole reason. Even if it turns out to be good/decent, there will be those that deny its success because of the company that made it. You know what? That behaviour sounds familiar (i'm guilty of it myself)

[mr moose]

2 minutes ago, TempestCatto said:

My favourite thing to do on any OSX machine was virus removal. It always shocked the users beyond belief. Some even accused me of "faking it" and installing the viruses myself. Regardless though, I feel like because it's Microsoft, most users may end up not trusting it for that sole reason. Even if it turns out to be good/decent, there will be those that deny its success because of the company that made it. You know what? That behaviour sounds familiar (i'm guilty of it myself)

That I am afraid is a mindset that we encounter all too often across all subsets of life.   

[Blademaster91]

This is funny though because Apple refused to share malware definitions, now they want Microsoft's antivirus lol.

[YaBoiWill]

26 minutes ago, ElfenSky said:

Kaspersky

Personally I was recommend by an old friend not to use them because of security threats. He works in an institution that protects many computer networks, but its not a anti-competition typed recommended one if that makes sense

[captain_to_fire]

Just now, Blademaster91 said:

This is funny though because Apple refused to share malware definitions, now they want Microsoft's antivirus lol.

Inb4 Apple bans or cripples antivirus apps for the Mac unless they give Apple a 30% cut. 

 

They're that kind of greedy

[Ashley MLP Fangirl]

malwarebytes on macOS has been a thing for a long time. i trust that way way way more than microsoft's stupid antivirus. 

[captain_to_fire]

29 minutes ago, ElfenSky said:

And if you are going to choose a 3rd party antivirus, why not go with one of the bigger players that are specifically dedicated to it like AVG, Avast or Kaspersky...

It's always nice to have a choice. Ever since the Fall Creators Update, Windows Defender is getting better even though it's not the one I use. Hopefully this will translate to the Mac counterpart as well. 

[Crunchy Dragon]

1 minute ago, firelighter487 said:

malwarebytes on macOS has been a thing for a long time. i trust that way way way more than microsoft's stupid antivirus. 

Agreed.

 

Windows Defender isn't bad as long as you're safe and responsible online. I only really have Malwarebytes as a backup, personally.

[Ashley MLP Fangirl]

1 minute ago, Crunchy Dragon said:

Windows Defender isn't bad as long as you're safe and responsible online. I only really have Malwarebytes as a backup, personally.

windows defender is bad in general. it's worthless. i have malwarebytes premium and i'm very happy with it. 

[GoodBytes]

2 minutes ago, Crunchy Dragon said:

Agreed.

 

Windows Defender isn't bad as long as you're safe and responsible online. I only really have Malwarebytes as a backup, personally.

Well now you have Windows Defender Browser Protection extension for Chrome:

https://chrome.google.com/webstore/detail/windows-defender-browser/bkbeeeffjjeopflfhgeknacdieedcoml

 

[captain_to_fire]

5 minutes ago, firelighter487 said:

windows defender is bad in general. it's worthless. i have malwarebytes premium and i'm very happy with it. 

I hope you read reports. Windows Defender actually catches more than Malwarebytes. 

https://www.av-test.org/en/antivirus/home-windows/windows-10/december-2018/malwarebytes-premium-3.6-184912/ 

https://www.av-test.org/en/antivirus/home-windows/windows-10/december-2018/microsoft-windows-defender-4.18-184914/

 

Malwarebytes kinda suck when it comes to real time protection according to tests https://www.mrg-effitas.com/wp-content/uploads/2017/08/MRG-Effitas-360-Assessment_2017_Q2_v2.pdf 

[RejZoR]

Windows Defender isn't bad. It's just horrendously slow and I can't for the love of all that's holy to understand why. It literally halts my system to a full stop when it decides to scan almost anything. On a frigging 12 threaded monster at 4.5GHz, 32GB RAM and only and entirely 2TB SSD. A really fast one. It was this slow when this system was an actual monster few years ago and it's still slow on it for some dumb reason. Where other AV's, basically ANY other just flies through files even on first scan and on all next it's like they aren't even there. Windows Defender is like that only when it has scanned the files once. Which means you'll get this slowdown shit with every new file or batch of such new files.

 

Detection and technology in regards of protection, Windows Defender has evolved, but performance is just pathetic even now. This was really the biggest issue with it since the beginning, it just used to also suck detection wise back then too...

[Hellion]

Trash attracts trash. Why is anyone surprised?

[mr moose]

2 minutes ago, captain_to_fire said:

I hope you read reports. Windows Defender actually catches more than Malwarebytes. 

https://www.av-test.org/en/antivirus/home-windows/windows-10/december-2018/malwarebytes-premium-3.6-184912/ 

https://www.av-test.org/en/antivirus/home-windows/windows-10/december-2018/microsoft-windows-defender-4.18-184914/

 

Malwarebytes kinda suck when it comes to real time protection according to tests https://www.mrg-effitas.com/wp-content/uploads/2017/08/MRG-Effitas-360-Assessment_2017_Q2_v2.pdf 

Most reviews for it only rate it behind the others due to lack of features (stuff like scheduled scans).   As far as detection goes it's sometimes better and sometimes worse depending on the test suite.

 

But generally just as good.

 

https://www.techradar.com/au/reviews/windows-defender

https://www.tomsguide.com/us/windows-defender,review-2209.html

 

 

[79wjd]

3 minutes ago, Hellion said:

Trash attracts trash. Why is anyone surprised?

Good also attracts trash evidently.

[2FA]

21 minutes ago, YaBoiWill said:

Personally I was recommend by an old friend not to use them because of security threats. He works in an institution that protects many computer networks, but its not a anti-competition typed recommended one if that makes sense

And it's a damn shame because Kaspersky performs so well. They were infiltrated by the FSB, and when a senior security researcher at Kasperysky alerted either the NSA or CIA of it (I don't recall which), he was charged and convicted of treason.

[Ashley MLP Fangirl]

3 minutes ago, mr moose said:

Most reviews for it only rate it behind the others due to lack of features (stuff like scheduled scans). 

ummmm